Tag: macOS

Atomic macOS infostealer adds backdoor for persistent attacks

Jul 7, 2025 9:34 PM

Tags: access, attack, backdoor, macOS, malware

Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor, to attackers persistent access to compromised systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/
âš¡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More

Jul 7, 2025 2:34 PM

Tags: browser, chrome, crypto, exploit, ivanti, macOS, password, threat, tool, zero-day

Everything feels secure”, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms”, they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection”, that’s all it takes.Staying safe…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

Jul 6, 2025 2:34 PM

Tags: crypto, international, macOS, malware, threat

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 10 Things I Hate About Attribution: RomCom vs. TransferLoader macOS NimDoor – DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group) Dissecting Kimsuky’s…
Security Affairs newsletter Round 531 by Pierluigi Paganini INTERNATIONAL EDITION

Jul 6, 2025 7:34 AM

Tags: email, international, korea, macOS, malware, north-korea, threat, update, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose…
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Jul 5, 2025 7:34 PM

Tags: backdoor, crypto, hacker, korea, macOS, malware, north-korea, phishing, threat, update

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
Novel macOS malware leveraged to compromise crypto, Web3 orgs

Jul 3, 2025 10:34 PM

Tags: crypto, macOS, malware

First seen on scworld.com Jump to article: www.scworld.com/brief/novel-macos-malware-leveraged-to-compromise-crypto-web3-orgs
North Korean Hackers Target Crypto Firms with Novel macOS Malware

Jul 3, 2025 2:34 PM

Tags: crypto, hacker, macOS, malware, north-korea, programming

SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-crypto-macos-malware/
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates

Jul 3, 2025 1:34 PM

Tags: crypto, exploit, hacker, korea, macOS, malware, north-korea, update

SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/
North Korean crypto thieves deploy custom Mac backdoor

Jul 3, 2025 12:35 AM

Tags: apple, apt, attack, backdoor, control, crime, crypto, cyberespionage, data, detection, email, finance, government, group, hacker, infection, injection, macOS, malicious, malware, north-korea, programming, rust, theft, threat, update

North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
NimDoor crypto-theft macOS malware revives itself when killed

Jul 2, 2025 10:34 PM

Tags: crypto, hacker, macOS, malware, north-korea, theft

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Jul 2, 2025 9:34 PM

Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threat

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials

Jul 2, 2025 3:34 PM

Tags: access, attack, credentials, crypto, cyber, injection, macOS, malware, north-korea, threat

A sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. According to detailed analysis by SentinelLABS, alongside corroborating reports from Huntabil.IT and Huntress, the attackers deploy a multi-stage attack chain featuring Nim-compiled binaries, process injection techniques, and encrypted remote communications.…
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code

Jul 1, 2025 7:34 AM

Tags: browser, chrome, cyber, exploit, flaw, google, linux, macOS, update, vulnerability, windows, zero-day

Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked asCVE-2025-6554, is atype confusionvulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by…
MacOS malware Poseidon Stealer rebranded as Odyssey Stealer

Jun 28, 2025 10:34 PM

Tags: macOS, malware

First seen on scworld.com Jump to article: www.scworld.com/news/macos-malware-poseidon-stealer-rebranded-as-odyssey-stealer
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

Jun 26, 2025 3:36 PM

Tags: access, crypto, deep-fake, group, hacker, korea, macOS, malware, north-korea, scam

The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices and letting the hackers to get access into them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/n-korean-group-bluenoroff-uses-deepfake-zoom-calls-in-crypto-scams/
North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft

Jun 23, 2025 5:35 AM

Tags: crypto, deep-fake, macOS, malware, north-korea, scam, theft

The post North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-bluenoroff-uses-deepfakes-in-zoom-scams-to-install-macos-malware-for-crypto-theft/
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links

Jun 19, 2025 9:35 PM

Tags: attack, crypto, cyber, google, group, hacker, macOS, malicious, malware, north-korea, threat

The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems. The…
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls

Jun 19, 2025 3:36 PM

Tags: access, ai, attack, backdoor, control, crypto, data, deep-fake, defense, detection, edr, endpoint, injection, korea, least-privilege, macOS, malicious, malware, north-korea, threat, tool, training

Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including Go-based ‘Root Troy V4’ backdoor and…
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

Jun 19, 2025 2:35 PM

Tags: apple, attack, backdoor, crypto, cyber, deep-fake, korea, macOS, malware, north-korea, scam, threat

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
CISA Alerts: iOS Zero”‘Click Flaw Actively Exploited

Jun 17, 2025 9:54 AM

Tags: apple, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, macOS, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert following the discovery and active exploitation of a critical zero-click vulnerability in Apple’s ecosystem, tracked as CVE-2025-43200. This flaw, now patched, enabled attackers to compromise iOS, iPadOS, macOS, watchOS, and visionOS devices without any user interaction, raising alarms across the cybersecurity and…
NinjaOne Adds macOS MDM to Streamline Cross-Platform Endpoint Management

Jun 16, 2025 10:54 PM

Tags: endpoint, macOS

First seen on scworld.com Jump to article: www.scworld.com/news/ninjaone-adds-macos-mdm-to-streamline-cross-platform-endpoint-management
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Jun 16, 2025 9:54 AM

Tags: credentials, cybersecurity, data, macOS, malicious, pypi, service

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Jun 13, 2025 9:54 AM

Tags: apple, cve, cyber, exploit, flaw, macOS, spy, spyware, vulnerability

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks.The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura…
Will New AI Browser Dia Redefine How We Use the Web?

Jun 12, 2025 6:54 PM

Tags: ai, macOS

Dia, a new AI browser from the makers of Arc, is available in beta on macOS, and only to existing Arc members or individuals they’ve invited. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-arc-dia-the-browser-company/
Apple tries to contain itself with lightweight Linux VMs for macOS

Jun 10, 2025 8:55 AM

Tags: apple, framework, linux, macOS

Swift-based containerization framework aims to improve performance and security First seen on theregister.com Jump to article: www.theregister.com/2025/06/10/apple_tries_to_contain_itself/
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Jun 6, 2025 7:55 PM

Tags: apple, cybersecurity, exploit, macOS, malware, social-engineering

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems.The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum.”macOS users are served a…
What the Arc Browser Story Reveals About the Future of Browser Security

Jun 5, 2025 5:54 AM

Tags: ai, antivirus, api, browser, ceo, chrome, ciso, crypto, data, email, github, infrastructure, jobs, LLM, macOS, malware, password, phishing, saas, software, startup, update, vulnerability, windows

By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
Exploiting Clickfix: AMOS macOS Stealer Evades Security to Deploy Malicious Code

Jun 4, 2025 7:55 PM

Tags: cyber, exploit, infrastructure, Internet, macOS, malicious, social-engineering

A newly uncovered campaign involving an Atomic macOS Stealer (AMOS) variant has emerged, showcasing the evolving sophistication of multi-platform social engineering attacks. This campaign, discovered during routine attacker infrastructure analysis, leverages typo-squatted domains mimicking Spectrum, a prominent U.S.-based telecommunications provider offering cable television, internet, and managed services. By employing the Clickfix method, attackers deliver tailored…
Dark Partner Hackers Leverage Fake AI, VPN, and Crypto Sites to Target macOS and Windows Users

May 29, 2025 3:55 PM

Tags: ai, crypto, cyber, cybersecurity, group, hacker, macOS, malware, network, service, software, vpn, windows

A group dubbed >>Dark Partners